We run 2 seperate windows AD domain. ABC.com is internal and where we run dev tec etc, our hosted domain is xyz.com. ABC.com is connected by a site to site vpn to xyz.com
when we deploy new software builds to our web servers, we test to make sure that the build has worked by using the following url in our browser <test1.server1.xyz.com>, <test1.server2.xyz.com>

we normally test this over HTTP but thought by having an internal CA within xyz.com we can server this over HTTPS but still making the internal call to check each site against individual server.

internally we have dns enteries that know the internal ip of test1.server1.xyz.com points to over the vpn.

the issue we have is that as xyz.com is an internal domain, our browsers wont allow us access as they are considered non trusted. we installed an internal CA in xyz.com but that now means we have to create a new cert for each site we create per server, we have 500+sites across 8 servers.

the error we receives is as follows:

The owner of site1.server1.xyz.com has configured their web site improperly. To protect your information from being stolen, Firefox has not connected to this web site.

This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate.

any ideas on how to resolve this.

Using Microsoft VPN server\client on Server 2012. The 2012 server is in the cloud, I have set up the VPN server and I'm able to connect to the VPN, I can ping the VPN server, I can RDP to the server when connected to the VPN but I can not access a share on the server. This is a single server (non-domain) solution that remote clients need to access a database on this server. Port 139 is open, The VPN clients get an IP address on the same subnet as the server. when trying to access the share via IP \\999.999.99.99\share  I get Windows cannot access never prompts for user id. I have checked share and NTFS rights and the VPN users should have access. I get same results on Win10 VPN client and Win 7 VPN client

I am installing WatchGuard SSL Vpn software which is using Open VPN software and it has TAP network driver but I can't install it unattended. Does anybody know how to install OpenVPN un-attended including TAP-Windows adapter?

Hey all, we are getting rid of our on premise DC which has our file server on it as well and move to the cloud completely....the question is how to handle our file server in the cloud.  

I see two options:

1) Use azure files....I know it doesn't have Azure AD integration yet but I am ok with that since you can still do some sort of permissioning.  But is there a way to deploy the mapped drive automatically to Azure AD and/or Intune users?

2) Use a Server 216 server in the cloud and put the file server on it....the problem is that I think it has to be joined to Azure AD-DS...and go over a site2site vpn which would be pretty slow.

Another question that I have is…if we implement Azure AD-DS….and join an Azure VM to Azure AD-DS, does that make Azure AD useless and unusable?

Do we need a site-2-site VPN tunnel between Azure and our offices to use Azure AD-DS?

How would our client desktops/users in the office access the Azure VM and authenticate if Azure AD-DS? Do we have to join the local client machines to Azure AD-DS or will our Azure AD accounts (tied to our O365 accounts) still work?

What is the process to connect an iPhone X to a remote Windows network using the Always On VPN?

What is the process to connect a Mac OS X laptop to a remote Windows network using the Always On VPN?

I have established two VPN connections in AWS from an environment to a third party Cisco VPN firewall.  Everything is set up as it should be, but we are unable to bring the tunnel up.

I a nutshell, we have established two independent VPN connections, with each on going to a different datacentre.  The configuration has been supplied to the 3rd party agency who are managing an external service that connects through the tunnel to another agency.  The two tunnels are set up as Active and DR tunnels, but will carry the same traffic. in the event of failure, and then our traffic is NAtted twice to reach the destination.

We have tried a number of things but still unable to get the tunnels up from either main or DR datacentre firewalls.

The problem seems to lie in the tunnel configuration; apparently there is an issue with using SLA monitors to keep the tunnel up from the Cisco side; obviously without this the VPN connection will drop.  The information I have seen seems to imply we need to setup a "route all" tunnel at the customer side and then employ static routes to get the right traffic down the tunnel to the firewall - which will cause major issues as our VPC supernet overlaps their networks; also we only want to allow 3 machines on two subnets through the tunnel.

Our other problem is how the VPN failover will work for the DR tunnel.  They are monitoring and will automatically fail over to the secondary VPN tunnel should an issue occur with the primary datacentre …

Hello everyone,

I've been trying to set up a VPN between windows server 2016 and mac os x client.

The connection gets established but I can not access the resources.
The internet connection is also gone. What I really wanted to do is split vpn.

This is the configuration on the Server:

#################################################
#################################################
#listen on IPv4
local 10.0.60.51
 
#the default port is 1194
port 1194
 
#UDP protocol chosen for better protection against DoS attacks and port scanning
proto udp
 
#using routed IP tunnel
dev tun
 
# ----------------------------------------------
# Zertifikate
# ----------------------------------------------
 
dh ..//server-keys//dh4096.pem
ca ..//server-keys//ca.crt
cert ..//server-keys//lexp-svr-101.crt
key ..//server-keys//lexp-svr-101.key
 
# ----------------------------------------------
# Server-Setup
# ----------------------------------------------
 
#set OpenVPN subnet
server 10.64.60.0 255.255.255.0
 
#maintain a record of client-to-virtual-IP-address
ifconfig-pool-persist ipp.txt
 
#cryptographic cipher, must be the same (copied) on the client config file as well
#cipher AES-256-CBC
 
client-to-client
 
# ----------------------------------------------
# Client-Settings (inkl Special Dir)Files
# ----------------------------------------------
 
#client-config-dir "C:\Program Files\OpenVPN\ccd"
push "route 10.0.60.0 255.255.255.0"
 
 
# 

Select all Open in new window

…

I have a watchguard M270, the customer has a hosted server they connect to via ipsec. What policy could I enable to allow the ipsec vpn outbound.

While I am connected to my organization's internal network using the Always on VPN connection (while outside of the office) I am able to successfully browse network shares on the Hyper-V base server and virtual servers using the \\hostname\C$ convention but can't browse these same network shares using the  \\internal IP address\C$ convention.

The internal IP address scheme used by my organization is uniqute and isn't widely used amoung other networks, 10.88.188.x (or by the networks I am connected to while establishing the Always On VPN connection).

I am also able to successfully browse these same C$ network shares while within my organization's internal network and connected using Wi-Fi or an Ethernet cable.

What can I do to fix this issue so I will be able to connect to and browse my organization's server's C$ shares using their IP addresses while outside of the office and connected to my organization's internal network using the Always On VPN connection?

While connecting to my organization's Always on VPN using my Windows 10 computer I am prompted to choose between two certificates.

I know which certificate to choose and which one won't work.

How can I remove the wrong certificate so that I will no longer be prompted to choose a certificate while connecting to my organization's Always on VPN?

We have a pfsense setup with the following settings below. If we want a customer to have management access to 10.70.0.100 (Networks Accelerator). How would we set it up? There is currently a OpenVPN setup to allow 172.28.11.0/24 netblock

LAN: 172.28.4.12
WAN: 172.28.10.254

RADIUS VPN fails to connect due to NPS error.

We have a router doing Radius passthrough to Server 2012 R2 using NPS.

The policies have been created via a wizard and appear correct.
I have a security group in AD that I am testing with a test account.

When initiating the connection externally it times out and returns the following from the NPS event logs:

Network Policy Server denied access to a user.

Contact the Network Policy Server administrator for more information.

User:
      Security ID:                  dc.local\testing123
      Account Name:                  dc.local\Testing123
      Account Domain:                  RSCdc.local\Testing123

Client Machine:
      Security ID:                  NULL SID
      Account Name:                  -
      Fully Qualified Account Name:      -
      OS-Version:                  -
      Called Station Identifier:            -
      Calling Station Identifier:            -

NAS:
      NAS IPv4 Address:            192.168.23.5
      NAS IPv6 Address:            -
      NAS Identifier:                  -
      NAS Port-Type:                  -
      NAS Port:                  -

RADIUS Client:
      Client Friendly Name:            draytek vigor 2920
      Client IP Address:                  192.168.23.5

Authentication Details:
      Connection Request Policy Name:      Use Windows authentication for all users
      Network Policy Name:            -
      Authentication Provider:            Windows
      Authentication Server:            dc.local
      Authentication Type:            MS-CHAPv2
      EAP Type:                  -
      Account Session Identifier:            -
      Logging Results:                  Accounting information was written to the local log file.
      Reason Code:                  48
      Reason:                        The connection request did not match any configured network policy.


NPS is …